package com.typhoon.spring_shiro.service.shiro;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.typhoon.spring_shiro.utils.ResponseUtils;

public class LoginAuthorizationFilter extends AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest req, ServletResponse resp, Object mappedValue) throws Exception {
        Subject subject = getSubject(req, resp);  
        if (null != subject.getPrincipals()) {  
            return true;  
        }  
        return false;  
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
		HttpServletResponse resp = (HttpServletResponse) response;
		Map<String, Object> results = new HashMap<String, Object>(2);
		results.put("code", "403");
		results.put("msg", "无权操作");
		ResponseUtils.renderJson(resp, JSONObject.toJSONString(results, SerializerFeature.WriteMapNullValue));
		// WebUtils.toHttp(response).sendError(403, "无权操作");
		return false;
	}

}
